Private Internet providers say that security is their main concern with the OnLine Start Internet access offered by state-owned telecom monopoly Slovenské Telekomunikácie (ST).
"There are serious security problems with OnLine Start," said Stanislav Stowasser, general director of provider Global Network Services. "Under the law, you are not allowed to offer anonymous access to subscribers. OnLine Start is anonymous."
Stowasser, who is a member of an Internet provider group named API that is protesting the ST service, explained that OnLine Start uses one universal user name and password, which allows any user to surf the net unidentified.
According to the news agency SITA, API asked EuroCERT, an expert group on computer network safety, for an opinion on OnLine Start's alleged security faults. EuroCERT replied that "Internet connection through a uniform user name and password is not suitable from a safety viewpoint. In case of misuse, it is impossible to block the access of the responsible party."
But ST has defended their service, arguing that security concerns have been addressed.
"With our system, we know who is on the Internet at a given time. If an illegal activity is committed on the Internet of such severity that the police ask for the number, all we have to do is check who was on [the Internet] at that time," Bojňanský explained.
When challenged to explain how ST might distinguish between the various subscribers who might be using the Internet at the time a crime was committed, Bojňanský said "we could probably provide a list of five people who were on the Internet at that time."
He later added that the list could be as high as 28 users, given that each of the eight access units offered by OnLine Start across Slovakia had a capacity of 28 simultaneous users. However, he admitted that even if the user list contained only two telephone numbers, ST would still not be able to pinpoint which user had committed the crime. "OnLine Start is a pilot project," said Bojňanský. "We still have safety concerns to work out."
The Telecom Ministry, under whose jurisdiction ST falls, has also said that some safety improvements are required, but has added that security concerns have been exaggerated by the API. "There are some concerns, some dangers exist," said Stanislav Vanek, director of the Department of Regulation at the ministry. "But a hacker can abuse the Internet under almost any system. There will always be ways for hackers to commit crimes."
Confronted by criticism, ST has been at pains to point out that its Internet provider accusers are themselves guilty of offering an insecure service - the "Max-card" system of Internet access offered by some providers.
The Max-card is a pre-paid system of access, in which customers pay 600 Slovak crowns ($15) for a card which bears an individual password giving them access to the Internet. Although users of Max-card remain anonymous, their accounts may still be identified through their passwords.
"The Max-card has safety faults, too," said Bojňanský. "What [private Internet providers] do is worse than us, but no one complains about it. This is a case of them saying 'What I do is OK, but what you do is illegal.'"
But Stowasser denied that the Max-card carried security risks. "When an illegal operation is committed, we can immediately drain [the offender's] account and, therefore, block their usage. While it is not perfect, Max-card is still a better system than ST's because it has individual passwords whereas OnLine Start has a universal access code."
22. Mar 1999 at 0:00 | Chris Togneri